URL: https://github.com/freeipa/freeipa/pull/416
Title: #416: replica install: relax domain level check for promotion
HonzaCholasta commented:
"""
Excuse me, but what is the point of checking for an exact domain level?
Shouldn't `check_domain_level()` rather always check for a
URL: https://github.com/freeipa/freeipa/pull/337
Title: #337: Client-side CSR autogeneration (take 2)
HonzaCholasta commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/10ef5947860f5098182b1f95c08c1158e2da15f9
https://fedorahosted.org/fr
URL: https://github.com/freeipa/freeipa/pull/337
Author: LiptonB
Title: #337: Client-side CSR autogeneration (take 2)
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/337/head:pr337
git checkout pr337
--
Manage
URL: https://github.com/freeipa/freeipa/pull/337
Title: #337: Client-side CSR autogeneration (take 2)
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/416
Title: #416: replica install: relax domain level check for promotion
HonzaCholasta commented:
"""
I see. The point is, `check_domain_level()` is supposed to check whether
replica promotion is possible or not in the current domain
URL: https://github.com/freeipa/freeipa/pull/336
Title: #336: [py3] pki: add missing depedency pki-base[-python3]
HonzaCholasta commented:
"""
LGTM
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/336#issuecomment-276612233
--
Manage your subs
URL: https://github.com/freeipa/freeipa/pull/436
Title: #436: x509: allow leading text in PEM files
HonzaCholasta commented:
"""
Oops, didn't realize that `^` matches beginning of each line in multiline mode.
I think we can keep the test, though.
"""
URL: https://github.com/freeipa/freeipa/pull/436
Author: HonzaCholasta
Title: #436: x509: allow leading text in PEM files
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/436/head:pr436
git checkout pr436
URL: https://github.com/freeipa/freeipa/pull/436
Title: #436: x509: allow leading text in PEM files
HonzaCholasta commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/89dfbab3ca076812590f371c21abcb51b350170b
"""
See the full comment
URL: https://github.com/freeipa/freeipa/pull/436
Title: #436: x509: allow leading text in PEM files
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/436
Author: HonzaCholasta
Title: #436: x509: allow leading text in PEM files
Action: opened
PR body:
"""
This fixes a regression introduced in commit
b8d6524d43dd0667184aebc79fb77a9b8a46939a.
https://fedorahosted.org/free
URL: https://github.com/freeipa/freeipa/pull/436
Author: HonzaCholasta
Title: #436: x509: allow leading text in PEM files
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/436/head:pr436
git checkout pr436
URL: https://github.com/freeipa/freeipa/pull/438
Author: HonzaCholasta
Title: #438: ipaldap: preserve order of values in LDAPEntry._sync()
Action: opened
PR body:
"""
In Python 2, the order was preserved by accident.
This change makes sure the order is preserved in both
URL: https://github.com/freeipa/freeipa/pull/336
Title: #336: [py3] pki: add missing depedency pki-base[-python3]
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/396
Title: #396: Explicitly remove support of SSLv2
HonzaCholasta commented:
"""
@stlaz, you don't have to replace `root_logger` in old code, but don't use it
in new code.
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/438
Author: HonzaCholasta
Title: #438: ipaldap: preserve order of values in LDAPEntry._sync()
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/438/head:pr438
git
URL: https://github.com/freeipa/freeipa/pull/427
Author: MartinBasti
Title: #427: [Py3] WSGI part 2
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/427/head:pr427
git checkout pr427
--
Manage your subscription
URL: https://github.com/freeipa/freeipa/pull/427
Title: #427: [Py3] WSGI part 2
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/427
Title: #427: [Py3] WSGI part 2
HonzaCholasta commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/caa560ca79e4038b161b27d11e3f144606dbbcdb
https://fedorahosted.org/fr
URL: https://github.com/freeipa/freeipa/pull/370
Title: #370: ci: send build log to paste.fedoraproject.org
HonzaCholasta commented:
"""
Right, I suggested https://transfer.sh, because uploading a file there is as
easy as:
```bash
curl --upload-file ./file https://transfer.sh
URL: https://github.com/freeipa/freeipa/pull/427
Title: #427: [Py3] WSGI part 2
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/370
Title: #370: ci: send build log to paste.fedoraproject.org
HonzaCholasta commented:
"""
@martbab, I would rather not include irrelevant stuff, it's just noise.
"""
See the full comment at
https://github.com/freeipa
URL: https://github.com/freeipa/freeipa/pull/408
Author: HonzaCholasta
Title: #408: ipaldap: properly escape raw binary values in LDAP filters
Action: opened
PR body:
"""
Manually escape each byte in the value, do not use
ldap.filter.escape_filter_chars() as it does not
URL: https://github.com/freeipa/freeipa/pull/408
Author: HonzaCholasta
Title: #408: ipaldap: properly escape raw binary values in LDAP filters
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/408/head:pr408
URL: https://github.com/freeipa/freeipa/pull/408
Author: HonzaCholasta
Title: #408: ipaldap: properly escape raw binary values in LDAP filters
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/408/head:pr408
URL: https://github.com/freeipa/freeipa/pull/337
Title: #337: Client-side CSR autogeneration (take 2)
HonzaCholasta commented:
"""
@LiptonB, there's still one issue which I'd like to be resolved in this PR, and
that's that currently CSR templates are tied to certificat
URL: https://github.com/freeipa/freeipa/pull/337
Title: #337: Client-side CSR autogeneration (take 2)
HonzaCholasta commented:
"""
@LiptonB, I think certificate profiles and CSR generation profiles / templates
*should* be associated, but not by sharing the same logical `certp
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
@simo5, replica install still fails for me in the same way as before.
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/359
Title: #359: dogtag: search past the first 100 certificates
HonzaCholasta commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/d84edc43e55c2f7c30614a4a5268aeb58e33a087
https://fedorahosted.org/fr
URL: https://github.com/freeipa/freeipa/pull/359
Title: #359: dogtag: search past the first 100 certificates
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
@simo5, it turns out the request fails not on the replica, but on the initial
master, so it's actually `ipa-server-install` which is
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
Both replica install and CA-less install now work, but:
* `ipa-replica-install` creates `/var/lib/ipa/radb` owned by `root` rather than
`i
URL: https://github.com/freeipa/freeipa/pull/419
Author: HonzaCholasta
Title: #419: ipa-ca-install: do not fail without --subject-base and
--ca-subject
Action: opened
PR body:
"""
When --subject-base and --ca-subject are not specified in ipa-ca-install,
default values are u
URL: https://github.com/freeipa/freeipa/pull/337
Title: #337: Client-side CSR autogeneration (take 2)
HonzaCholasta commented:
"""
Before I push this, could you please:
* squash "Fix broken tests in CSR autogeneration" into "Add tests for CSR
autogeneration&q
URL: https://github.com/freeipa/freeipa/pull/337
Title: #337: Client-side CSR autogeneration (take 2)
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/418
Author: HonzaCholasta
Title: #418: replica install: do not log host OTP
Action: opened
PR body:
"""
Do not log the value of the --password option of ipa-client-install when it
is run from ipa-replica-install before replica pr
URL: https://github.com/freeipa/freeipa/pull/337
Title: #337: Client-side CSR autogeneration (take 2)
Label: -ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/337
Title: #337: Client-side CSR autogeneration (take 2)
HonzaCholasta commented:
"""
@LiptonB, I meant it the other way around - `certprofile` should have an
(optional) attribute which points to the associated CSR template.
&q
URL: https://github.com/freeipa/freeipa/pull/395
Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1"
HonzaCholasta commented:
"""
@pvoborni, there is no benefit in bumping `Requires` in a separate patch, as
this patch is blocke
URL: https://github.com/freeipa/freeipa/pull/419
Author: HonzaCholasta
Title: #419: ipa-ca-install: do not fail without --subject-base and
--ca-subject
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/419
URL: https://github.com/freeipa/freeipa/pull/419
Title: #419: ipa-ca-install: do not fail without --subject-base and --ca-subject
HonzaCholasta commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/87400cdec1054971f50f90a0c63f18ab045f3833
"&quo
URL: https://github.com/freeipa/freeipa/pull/419
Title: #419: ipa-ca-install: do not fail without --subject-base and --ca-subject
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/476
Author: HonzaCholasta
Title: #476: vault: cache the transport certificate on client
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/476/head:pr476
git
URL: https://github.com/freeipa/freeipa/pull/490
Author: HonzaCholasta
Title: #490: [WIP] certdb: use certutil and match_hostname for cert
verification
Action: opened
PR body:
"""
Use certutil and ssl.match_hostname calls instead of python-nss for
certificate verificatio
URL: https://github.com/freeipa/freeipa/pull/476
Author: HonzaCholasta
Title: #476: vault: cache the transport certificate on client
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/476/head:pr476
git
URL: https://github.com/freeipa/freeipa/pull/397
Title: #397: Improve wheel building and provide ipaserver wheel for local
testing
HonzaCholasta commented:
"""
I can't say I agree with this approach. If this is just for testing, surely you
can work around the missing `pyhbac` i
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
HonzaCholasta commented:
"""
LGTM.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/437#issuecomment-281333137
--
Manage your subscription for the Fre
URL: https://github.com/freeipa/freeipa/pull/490
Title: #490: [WIP] certdb: use certutil and match_hostname for cert verification
HonzaCholasta commented:
"""
@tiran, how do I ensure that?
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/490
Author: HonzaCholasta
Title: #490: [WIP] certdb: use certutil and match_hostname for cert
verification
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/490
URL: https://github.com/freeipa/freeipa/pull/492
Title: #492: [WIP] config: remove meaningless defaults
HonzaCholasta commented:
"""
@tiran, not really, the order does not matter here.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/492#iss
URL: https://github.com/freeipa/freeipa/pull/398
Title: #398: Support for Certificate Identity Mapping
HonzaCholasta commented:
"""
LGTM. @flo-renaud, don't forget to register the new OIDs.
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/113
Title: #113: ipalib.constants: Remove default domain, realm, basedn,
xmlrpc_uri, ldap_uri
Label: +rejected
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to
URL: https://github.com/freeipa/freeipa/pull/492
Author: HonzaCholasta
Title: #492: [WIP] config: remove meaningless defaults
Action: opened
PR body:
"""
**ipalib.constants: Remove default domain, realm, basedn, xmlrpc_uri, ldap_uri**
Domain, realm, basedn, xmlrpc_uri, ldap_
URL: https://github.com/freeipa/freeipa/pull/113
Author: pspacek
Title: #113: ipalib.constants: Remove default domain, realm, basedn,
xmlrpc_uri, ldap_uri
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa
URL: https://github.com/freeipa/freeipa/pull/113
Title: #113: ipalib.constants: Remove default domain, realm, basedn,
xmlrpc_uri, ldap_uri
HonzaCholasta commented:
"""
Superseded by #492.
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/301
Author: HonzaCholasta
Title: #301: scripts, tests: explicitly set confdir in the rest of server code
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/301
URL: https://github.com/freeipa/freeipa/pull/301
Title: #301: scripts, tests: explicitly set confdir in the rest of server code
HonzaCholasta commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/fe6f2b6f6effcf9f3c58e1e3f6d0874609c10c25
"&quo
URL: https://github.com/freeipa/freeipa/pull/397
Title: #397: Improve wheel building and provide ipaserver wheel for local
testing
HonzaCholasta commented:
"""
The trust plugin and other trust bits are optional. The cert plugin, which
depends on `pyhbac`, is *not* optional, so
URL: https://github.com/freeipa/freeipa/pull/476
Author: HonzaCholasta
Title: #476: vault: cache the transport certificate on client
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/476/head:pr476
git
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
HonzaCholasta commented:
"""
Besides what I wrote in inline comments, we need to get rid of
`/var/lib/ipa/radb` now that it's unused.
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/490
Author: HonzaCholasta
Title: #490: [WIP] certdb: use certutil and match_hostname for cert
verification
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/490
URL: https://github.com/freeipa/freeipa/pull/471
Title: #471: Fix some privilege separation regressions
HonzaCholasta commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/b4fa354f500bcf3ac23ee3805f2c166c6a635b92
https://fedorahosted.org/fr
URL: https://github.com/freeipa/freeipa/pull/471
Title: #471: Fix some privilege separation regressions
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/471
Author: HonzaCholasta
Title: #471: Fix some privilege separation regressions
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/471/head:pr471
git checkout pr471
URL: https://github.com/freeipa/freeipa/pull/471
Author: HonzaCholasta
Title: #471: Fix some privilege separation regressions
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/471/head:pr471
git checkout
URL: https://github.com/freeipa/freeipa/pull/506
Title: #506: added ssl verification
HonzaCholasta commented:
"""
We don't want to trust certificates issued by random internet CAs, this is how
it should have been from the beginning. A commit message would be nice though.
@tsch
URL: https://github.com/freeipa/freeipa/pull/505
Author: HonzaCholasta
Title: #505: dns: fix `dnsrecord_add` interactive mode
Action: opened
PR body:
"""
`dnsrecord_add` interactive mode might prompt for value of non-existent
arguments `a_part_create_reverse` and `_part
URL: https://github.com/freeipa/freeipa/pull/476
Author: HonzaCholasta
Title: #476: vault: cache the transport certificate on client
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/476/head:pr476
git
URL: https://github.com/freeipa/freeipa/pull/498
Author: HonzaCholasta
Title: #498: compat: fix `Any` params in `batch` and `dnsrecord`
Action: opened
PR body:
"""
The `methods` argument of `batch` and `dnsrecords` attribute of `dnsrecord`
were incorrectly defined as `Str`
URL: https://github.com/freeipa/freeipa/pull/492
Author: HonzaCholasta
Title: #492: [WIP] config: remove meaningless defaults
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/492/head:pr492
git checkout
URL: https://github.com/freeipa/freeipa/pull/472
Title: #472: Packaging: Add placeholder packages
HonzaCholasta commented:
"""
Is this really the right thing to do? IMO it does not make much sense to have
placeholders for every `ipa*` package, as it does not scale a
URL: https://github.com/freeipa/freeipa/pull/471
Author: HonzaCholasta
Title: #471: Fix some privilege separation regressions
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/471/head:pr471
git checkout
URL: https://github.com/freeipa/freeipa/pull/471
Title: #471: Fix some privilege separation regressions
HonzaCholasta commented:
"""
@stlaz, not sure what's going on there, but not my fault, these failures happen
even without this PR.
"""
See the full comment
URL: https://github.com/freeipa/freeipa/pull/492
Title: #492: [WIP] config: remove meaningless defaults
HonzaCholasta commented:
"""
I stand corrected, but it does not make sense to reorder the code as you
suggested anyway, as it would change the current default of `se
URL: https://github.com/freeipa/freeipa/pull/434
Title: #434: csrgen: Automate full cert request flow
HonzaCholasta commented:
"""
Thank you. LGTM, but please squash the fixup commit.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/434#iss
URL: https://github.com/freeipa/freeipa/pull/495
Title: #495: Fix ipa-server-upgrade
HonzaCholasta commented:
"""
@MartinBasti, https://fedorahosted.org/freeipa/ticket/5959.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/495#issuecom
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
I would personally go with:
* Change session handling: 5959
* Generate tmpfiles config at install time: 5959
* Drop use of kinit_as_http
URL: https://github.com/freeipa/freeipa/pull/463
Title: #463: pylint_plugins: add forbidden import checker
HonzaCholasta commented:
"""
The format could be nicer though - suggestions are welcome.
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
@simo5, I don't agree, the changes in `ipalib/rpc.py` are a pre-requisite for
the changes in `ipatests/util.py`, but that doesn't m
URL: https://github.com/freeipa/freeipa/pull/463
Title: #463: pylint_plugins: add forbidden import checker
HonzaCholasta commented:
"""
I don't know what you mean, could you give me an example?
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/463
Title: #463: pylint_plugins: add forbidden import checker
HonzaCholasta commented:
"""
You can, using:
```
ipaclient/install/
```
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/463#issuecom
URL: https://github.com/freeipa/freeipa/pull/464
Title: #464: Bump required python-cryptography version
HonzaCholasta commented:
"""
NACK, you didn't update the comments.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/464#issuecom
URL: https://github.com/freeipa/freeipa/pull/463
Author: HonzaCholasta
Title: #463: pylint_plugins: add forbidden import checker
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/463/head:pr463
git checkout
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
@simo5, I don't think this is the correct approach. Rather than deleting
`context.session_cookie` in `RPCClient.destroy_connection()`
URL: https://github.com/freeipa/freeipa/pull/463
Author: HonzaCholasta
Title: #463: pylint_plugins: add forbidden import checker
Action: opened
PR body:
"""
Add new pylint AST checker plugin which implements a check for imports
forbidden in IPA. Which imports are forbidden
URL: https://github.com/freeipa/freeipa/pull/463
Title: #463: pylint_plugins: add forbidden import checker
HonzaCholasta commented:
"""
@MartinBasti, this issue is already solved in the PR without using regular
expressions. See `pylintrc` for example.
"""
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
@simo5, most of the commits do not have a ticket link, is this intentional?
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/398
Title: #398: Support for Certificate Identity Mapping
HonzaCholasta commented:
"""
@flo-renaud, nevermind the `default_from` suggestion, I was wrong - if e.g.
both `--certmapdata` and `--certificate` are specified, we w
URL: https://github.com/freeipa/freeipa/pull/443
Title: #443: Stronger check for DM password during server install
HonzaCholasta commented:
"""
IMHO you got it backwards - DM password may not comply to NSS requirements for
passwords, therefore it must not be used as a passw
URL: https://github.com/freeipa/freeipa/pull/464
Title: #464: Bump required python-cryptography version
HonzaCholasta commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/5b56952a547277fab4c68da02f213d40f931a4ca
"""
See the full
URL: https://github.com/freeipa/freeipa/pull/464
Author: stlaz
Title: #464: Bump required python-cryptography version
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/464/head:pr464
git checkout pr464
--
Manage
URL: https://github.com/freeipa/freeipa/pull/464
Title: #464: Bump required python-cryptography version
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/464
Title: #464: Bump required python-cryptography version
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/396
Title: #396: Explicitly remove support of SSLv2
HonzaCholasta commented:
"""
LGTM.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/396#issuecomment-279935166
--
Manage your subscription for
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/c894ebefc5c4c4c7ea340d6ddc4cd3c081917e4a
https://fedorahosted.org/fr
URL: https://github.com/freeipa/freeipa/pull/314
Author: simo5
Title: #314: RFC: privilege separation for ipa framework code
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/314/head:pr314
git checkout pr314
--
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
HonzaCholasta commented:
"""
Thank you.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/314#issuecomment-279925390
--
Manage you
URL: https://github.com/freeipa/freeipa/pull/450
Title: #450: Add FIPS-token password of HTTPD NSS database
HonzaCholasta commented:
"""
LGTM. I guess we don't have to bother with upgrade, given that you can turn on
FIPS post-install, right?
"""
See the full
1 - 100 of 477 matches
Mail list logo